Login

F5 Networks BIG-IP : Linux kernel driver vulnerabilities (K15912)

Medium Nessus Plugin ID 80059

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

CVE-2014-3185Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allow physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response.CVE-2014-3611 Race condition in the __kvm_migrate_pit_timer function in arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through 3.17.2 allows guest OS users to cause a denial of service (host OS crash) by leveraging incorrect PIT emulation.CVE-2014-3645 arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.12 does not have an exit handler for the INVEPT instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.CVE-2014-3646 arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.ImpactAn attacker may be able to gain access to unauthorized information, perform unauthorized modification of data, or cause disruption of services. CVE-2014-3185 require physical access to the device.CVE-2014-3611, CVE-2014-3645, and CVE-2014-3646 are considered local, as they are exploitable only by an authenticated user.

Solution

Upgrade to one of the non-vulnerable versions listed in the F5 Solution K15912.